Posts posted by lordonia

  1. I wasn't able to get ProcessMonitor to work but I tracked down what's causing it to recur. I'm on Windows 7.

    Start menu > Customize > set Computer option to Don't Display This Item > Save. The next time Malwarebytes runs, it will find and quarantine PUM.Hijack.StartMenu and the Start menu Computer option will be set back to the default of Display as a Link.

  2. 1. From ProcessMonitor > Options > Enable Boot Logging. A window displays: "Process Monitor is configured to log activity during the next boot."

    I did not check the box to Generate Profile events.

    2. Restart. ProcessMonitor did not open automatically after restarting.

    3. Open procmon.exe > click Run.

    4. The main window is blank, no process name or any text shown.

    5. Alert window: "A log of boot-time activity was created by a previous instance of Process Monitor. Do you wish to save the collected data now?"

    6. Click Yes > save the Bootlog.pml file.

    7. Two files are created, both called Bootlog.pml. I'm not able to open or view them. They're both over 200 MB.

  3. Thanks, Daniel. Second shot:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    Start_SearchFiles REG_DWORD 0x2

    ServerAdminUI REG_DWORD 0x0

    Hidden REG_DWORD 0x1

    ShowCompColor REG_DWORD 0x1

    HideFileExt REG_DWORD 0x0

    DontPrettyPath REG_DWORD 0x0

    ShowInfoTip REG_DWORD 0x1

    HideIcons REG_DWORD 0x0

    MapNetDrvBtn REG_DWORD 0x0

    WebView REG_DWORD 0x1

    Filter REG_DWORD 0x0

    SuperHidden REG_DWORD 0x0

    SeparateProcess REG_DWORD 0x0

    AutoCheckSelect REG_DWORD 0x0

    IconsOnly REG_DWORD 0x0

    ShowTypeOverlay REG_DWORD 0x1

    ListviewAlphaSelect REG_DWORD 0x1

    ListviewShadow REG_DWORD 0x1

    TaskbarAnimations REG_DWORD 0x1

    StartMenuInit REG_DWORD 0x4

    Start_MinMFU REG_DWORD 0x5

    Start_JumpListItems REG_DWORD 0x5

    TaskbarSizeMove REG_DWORD 0x0

    DisablePreviewDesktop REG_DWORD 0x1

    TaskbarSmallIcons REG_DWORD 0x1

    TaskbarGlomLevel REG_DWORD 0x2

    Start_PowerButtonAction REG_DWORD 0x2

    Start_TrackProgs REG_DWORD 0x0

    Start_TrackDocs REG_DWORD 0x0

    FolderContentsInfoTip REG_DWORD 0x1

    Start_ShowMyComputer REG_DWORD 0x1

    Start_ShowMyDocs REG_DWORD 0x2

    Start_ShowMyGames REG_DWORD 0x0

    Start_NotifyNewApps REG_DWORD 0x0

    Start_ShowMyMusic REG_DWORD 0x0

    Start_ShowMyPics REG_DWORD 0x0

    Start_ShowRun REG_DWORD 0x1

    Start_AdminToolsRoot REG_DWORD 0x0

    StartMenuAdminTools REG_DWORD 0x1

    Start_ShowSetProgramAccessAndDefaults REG_DWORD 0x0

    Start_ShowHelp REG_DWORD 0x0

    Start_ShowUser REG_DWORD 0x0

    AlwaysShowMenus REG_DWORD 0x1

    NavPaneShowAllFolders REG_DWORD 0x1

    ExtendedUIHoverTime REG_DWORD 0xf4240

    Start_LargeMFUIcons REG_DWORD 0x0

    Start_ShowPrinters REG_DWORD 0x1

    Start_SearchPrograms REG_DWORD 0x0

    Start_ShowRecordedTV REG_DWORD 0x0

    Start_ShowNetPlaces REG_DWORD 0x0

  4. Thanks! Here 'tis:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    Start_SearchFiles REG_DWORD 0x2

    ServerAdminUI REG_DWORD 0x0

    Hidden REG_DWORD 0x1

    ShowCompColor REG_DWORD 0x1

    HideFileExt REG_DWORD 0x0

    DontPrettyPath REG_DWORD 0x0

    ShowInfoTip REG_DWORD 0x1

    HideIcons REG_DWORD 0x0

    MapNetDrvBtn REG_DWORD 0x0

    WebView REG_DWORD 0x1

    Filter REG_DWORD 0x0

    SuperHidden REG_DWORD 0x0

    SeparateProcess REG_DWORD 0x0

    AutoCheckSelect REG_DWORD 0x0

    IconsOnly REG_DWORD 0x0

    ShowTypeOverlay REG_DWORD 0x1

    ListviewAlphaSelect REG_DWORD 0x1

    ListviewShadow REG_DWORD 0x1

    TaskbarAnimations REG_DWORD 0x1

    StartMenuInit REG_DWORD 0x4

    Start_MinMFU REG_DWORD 0x5

    Start_JumpListItems REG_DWORD 0x5

    TaskbarSizeMove REG_DWORD 0x0

    DisablePreviewDesktop REG_DWORD 0x1

    TaskbarSmallIcons REG_DWORD 0x1

    TaskbarGlomLevel REG_DWORD 0x2

    Start_PowerButtonAction REG_DWORD 0x2

    Start_TrackProgs REG_DWORD 0x0

    Start_TrackDocs REG_DWORD 0x0

    FolderContentsInfoTip REG_DWORD 0x1

    Start_ShowMyComputer REG_DWORD 0x1

    Start_ShowMyDocs REG_DWORD 0x2

    Start_ShowMyGames REG_DWORD 0x0

    Start_NotifyNewApps REG_DWORD 0x0

    Start_ShowMyMusic REG_DWORD 0x0

    Start_ShowMyPics REG_DWORD 0x0

    Start_ShowRun REG_DWORD 0x1

    Start_AdminToolsRoot REG_DWORD 0x0

    StartMenuAdminTools REG_DWORD 0x1

    Start_ShowSetProgramAccessAndDefaults REG_DWORD 0x0

    Start_ShowHelp REG_DWORD 0x0

    Start_ShowUser REG_DWORD 0x0

    AlwaysShowMenus REG_DWORD 0x1

    NavPaneShowAllFolders REG_DWORD 0x1

    ExtendedUIHoverTime REG_DWORD 0xf4240

    Start_LargeMFUIcons REG_DWORD 0x0

    Start_ShowPrinters REG_DWORD 0x1

    Start_SearchPrograms REG_DWORD 0x0

    Start_ShowRecordedTV REG_DWORD 0x0

    Start_ShowNetPlaces REG_DWORD 0x0

  5. Malwarebytes Anti-Malware (PRO) 1.70.0.1100

    www.malwarebytes.org

    Database version: v2013.03.28.07

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Protection: Enabled

    3/28/2013 10:20:58 AM

    mbam-log-2013-03-28 (10-20-58).txt

    Scan type: Flash scan

    Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

    Scan options disabled: Registry | File System

    Objects scanned: 164493

    Time elapsed: 1 minute(s), 20 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  6. dds.txt file ----------------------

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_26

    Run by ldavies at 19:26:21 on 2013-03-28

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3036.1852 [GMT -4:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Windows\system32\taskhost.exe

    c:\Program Files\Microsoft Security Client\NisSrv.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\DellTPad\Apoint.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\DellTPad\ApMsgFwd.exe

    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft IntelliPoint\ipoint.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\DellTPad\Apntex.exe

    C:\Program Files\DellTPad\HidFind.exe

    C:\Windows\system32\conhost.exe

    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Nuance\PaperPort\pptd40nt.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Users\ldavies\AppData\Roaming\7 Taskbar Tweaker\7+ Taskbar Tweaker.exe

    C:\Users\ldavies\AppData\Local\Akamai\netsession_win.exe

    C:\Users\ldavies\AppData\Local\Akamai\netsession_win.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\ldavies\Desktop\RogueKiller.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    c:\Program Files\Microsoft Security Client\MpCmdRun.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k HsfXAudioService

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.com/ig

    uProxyOverride = <local>

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - c:\program files\google\advertising cookie opt-out\opt_out.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

    uRun: [eyeBeam SIP Client] <no file>

    mRun: [Apoint] c:\program files\delltpad\Apoint.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [indexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"

    mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"

    mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\12\config\ereg\Ereg.ini"

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: NameServer = 10.0.0.1

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA} : DHCPNameServer = 10.0.0.1

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA}\0556475627D24527166756C6D275962756C6563737 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA}\0556475627D24527166756C6D275962756C6563737F52374548545 : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA}\34F657274797162746D27457563747 : DHCPNameServer = 12.127.17.71 12.127.17.72

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA}\35472716475737031313538373 : DHCPNameServer = 10.25.35.1

    TCP: Interfaces\{08BAF12D-7566-4D4E-82F8-71E2D1FE69EA}\C425D434D2055726C69636 : DHCPNameServer = 10.1.3.254

    TCP: Interfaces\{B29B7FC2-23C7-4B44-9286-09FACA3BBEB5} : DHCPNameServer = 10.120.99.5

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: igfxcui - igfxdev.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\ldavies\appdata\roaming\mozilla\firefox\profiles\q60g8qao.default\

    FF - prefs.js: browser.startup.homepage - igoogle.com

    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll

    FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll

    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - plugin: c:\users\ldavies\appdata\local\citrix\plugins\94\npappdetector.dll

    FF - plugin: c:\users\ldavies\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

    FF - plugin: c:\windows\system32\npdeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    FF - plugin: c:\windows\system32\NPPLG70N.DLL

    FF - ExtSQL: 2013-02-01 07:14; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]

    R1 MpKsl1a2ed16a;MpKsl1a2ed16a;c:\programdata\microsoft\microsoft antimalware\definition updates\{88aae5eb-c40a-4711-b938-c582b652241c}\MpKsl1a2ed16a.sys [2013-3-28 29904]

    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-2-12 398184]

    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-2-12 682344]

    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 100328]

    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]

    R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-3-25 47104]

    R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-3-25 49152]

    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-5-26 143968]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-2-12 21104]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-25 167936]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-5-26 134144]

    S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-3-25 38400]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-20 52224]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-16 1343400]

    .

    =============== Created Last 30 ================

    .

    2013-03-28 23:16:55 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88aae5eb-c40a-4711-b938-c582b652241c}\MpKsl1a2ed16a.sys

    2013-03-28 20:30:06 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{88aae5eb-c40a-4711-b938-c582b652241c}\mpengine.dll

    2013-03-27 23:35:19 7108640 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2013-03-26 14:23:33 -------- d-----w- c:\program files\Macrovision Corporation

    2013-03-26 02:50:07 -------- d-----w- c:\users\ldavies\appdata\local\Akamai

    2013-03-20 23:49:31 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{24ad9560-85dd-4295-af00-260757fee297}\gapaengine.dll

    2013-03-17 20:53:42 -------- d-----w- c:\users\ldavies\appdata\roaming\FLEXnet

    2013-03-17 20:20:02 -------- d-----w- c:\users\ldavies\appdata\roaming\Nuance

    2013-03-17 20:18:42 -------- d-----w- c:\program files\common files\ScanSoft Shared

    2013-03-17 20:18:41 -------- d-----w- c:\programdata\Nuance

    2013-03-17 20:18:41 -------- d-----w- c:\program files\Nuance

    2013-03-17 15:27:31 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

    2013-03-15 22:32:46 -------- d-----w- c:\users\ldavies\appdata\roaming\Nolo

    2013-03-15 22:32:44 -------- d-----w- c:\users\ldavies\appdata\local\Quicken WillMaker Plus 2013

    2013-03-15 22:31:15 -------- d-----w- c:\program files\Quicken WillMaker Plus 2013

    2013-03-12 19:12:56 -------- d-----w- c:\program files\Trivantis

    2013-03-08 20:05:49 -------- d-----w- c:\users\ldavies\appdata\roaming\webex

    2013-03-08 19:25:58 -------- d-----w- c:\programdata\WebEx

    2013-03-08 18:36:29 -------- d-----r- c:\users\ldavies\appdata\roaming\Brother

    2013-03-08 02:06:01 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe

    2013-03-08 02:06:01 19352 ----a-w- c:\program files\mozilla firefox\xpcom.dll

    2013-03-08 02:06:01 17887640 ----a-w- c:\program files\mozilla firefox\xul.dll

    2013-03-08 02:06:00 865744 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

    2013-03-08 02:06:00 272280 ----a-w- c:\program files\mozilla firefox\updater.exe

    2013-03-08 02:06:00 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe

    2013-03-08 02:06:00 155544 ----a-w- c:\program files\mozilla firefox\ssl3.dll

    2013-03-06 14:47:55 -------- d-----w- c:\users\ldavies\appdata\local\Citrix

    2013-03-05 19:04:03 -------- d-----w- c:\users\ldavies\appdata\roaming\Sling Media

    2013-03-05 19:03:57 -------- d-----w- c:\program files\Sling Media

    2013-03-02 12:59:42 -------- d-----w- c:\users\ldavies\appdata\local\Screencast-O-Matic

    .

    ==================== Find3M ====================

    .

    2013-03-13 18:37:20 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-03-13 18:37:20 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-03-02 13:50:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

    2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll

    2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll

    2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe

    2013-01-20 20:59:04 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2013-01-20 20:59:04 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2013-01-12 08:30:38 859552 ----a-w- c:\windows\system32\npdeployJava1.dll

    2013-01-11 13:25:11 60304 ----a-w- c:\users\ldavies\g2mdlhlpx.exe

    2013-01-05 05:00:15 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-01-05 05:00:11 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-01-04 04:50:52 169984 ----a-w- c:\windows\system32\winsrv.dll

    2013-01-04 03:00:29 2347008 ----a-w- c:\windows\system32\win32k.sys

    2013-01-03 05:05:20 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-01-03 05:04:43 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    .

    ============= FINISH: 19:27:02.51 ===============

    Attach.txt file: --------------------------

    .

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 6/15/2010 1:18:51 PM

    System Uptime: 3/27/2013 4:20:27 PM (27 hours ago)

    .

    Motherboard: Dell Inc. | | 047MWF

    Processor: Intel® Core2 Duo CPU T6570 @ 2.10GHz | Microprocessor | 2079/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 218 GiB total, 170.726 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP182: 3/10/2013 10:39:35 AM - Windows Update

    RP183: 3/13/2013 7:57:17 PM - Windows Update

    RP184: 3/15/2013 6:30:51 PM - Installed Quicken WillMaker Plus 2013

    RP185: 3/16/2013 8:19:30 AM - Windows Update

    RP186: 3/17/2013 11:27:34 AM - Windows Update

    RP188: 3/17/2013 4:01:44 PM - Removed Brother Software Suite

    RP189: 3/17/2013 4:14:53 PM - Removed PaperPort Image Printer

    RP190: 3/17/2013 4:15:22 PM - Removed ScanSoft PaperPort 11

    RP191: 3/17/2013 4:16:21 PM - Installed MSXML 4.0 SP3 Parser

    RP192: 3/17/2013 4:16:54 PM - Installed Microsoft Visual C++ 2005 Redistributable

    RP193: 3/17/2013 4:18:01 PM - Installed Nuance PaperPort 12

    RP194: 3/17/2013 4:20:18 PM - Installed Nuance PDF Viewer Plus.

    RP195: 3/17/2013 4:21:15 PM - Installed PaperPort Image Printer

    RP196: 3/19/2013 7:34:05 AM - Windows Update

    RP197: 3/22/2013 8:14:06 PM - Windows Update

    RP198: 3/25/2013 8:25:45 PM - Windows Update

    RP199: 3/26/2013 10:34:40 AM - Removed Nuance PDF Viewer Plus.

    RP200: 3/26/2013 10:37:18 AM - Removed Nuance PDF Viewer Plus.

    RP201: 3/27/2013 3:12:24 PM - Installed Microsoft Fix it 50229

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    3CXPhone

    7+ Taskbar Tweaker v4.0

    Acrobat.com

    Adobe AIR

    Adobe Download Assistant

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Presenter 7

    Adobe Reader XI (11.0.02)

    Advanced Audio FX Engine

    Akamai NetSession Interface

    Amazon Kindle

    AnswerWorks 5.0 English Runtime

    CCleaner

    Compatibility Pack for the 2007 Office system

    D3DX10

    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

    Dell Edoc Viewer

    Dell Touchpad

    Dell Webcam Central

    eyeBeam 1.5.20.2

    EZ Home and Office v7.0

    FastStone Capture 6.5

    Foxit Reader

    Google Advertising Cookie Opt-out

    Google Chrome

    Google Update Helper

    GoToMeeting 5.4.0.1082

    HDAUDIO Soft Data Fax Modem with SmartCP

    Intel® Graphics Media Accelerator Driver

    Intel® TV Wizard

    Java 7 Update 11

    Java Auto Updater

    Java 6 Update 26

    Junk Mail filter update

    Live! Cam Avatar Creator

    Malwarebytes Anti-Malware version 1.70.0.1100

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft IntelliPoint 8.1

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Basic 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing (English) 2010

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher 2010

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Word MUI (English) 2007

    Microsoft Publisher 2010

    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs

    Microsoft Search Enhancement Pack

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Movie Maker

    Mozilla Firefox 19.0.2 (x86 en-US)

    Mozilla Maintenance Service

    Mozilla Thunderbird (2.0.0.24)

    MSVCRT

    MSVCRT110

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB2758694)

    Nuance PaperPort 12

    OGA Notifier 2.0.0048.0

    OpenVPN 2.2.0

    Oracle VM VirtualBox 4.2.4

    PaperPort Image Printer

    Photo Common

    Photo Gallery

    Pidgin

    PowerDVD DX

    Professor Franklin

    Quicken 2011

    Quicken WillMaker Plus 2013

    Roxio Creator Audio

    Roxio Creator Copy

    Roxio Creator Data

    Roxio Creator DE 10.3

    Roxio Creator Tools

    Roxio Express Labeler 3

    Roxio Update Manager

    Screencast-O-Matic

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

    Snagit 11

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    WebEx

    WebSlingPlayer ActiveX

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Mail

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Photo Common

    Windows Live PIMT Platform

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live Sync

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    WinRAR 4.20 (32-bit)

    WinZip 14.5

    .

    ==== Event Viewer Messages From Past Week ========

    .

    3/27/2013 4:20:51 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

    3/27/2013 4:19:38 PM, Error: Service Control Manager [7000] - The eamonm service failed to start due to the following error: The system cannot find the file specified.

    3/22/2013 7:44:56 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    .

    ==== End Of File ===========================
